Ransomware criminal group leaks MSI’s private code on darkweb

The ransomware gang that targeted Taiwanese PC manufacturer MSI has leaked the company’s private code signing keys on their darkweb leak site. These keys play a critical role in verifying the authenticity and integrity of software and firmware updates released by MSI. This exposure poses a significant risk, as malicious actors could exploit these keys to distribute malware or engage in other malicious activities, potentially endangering MSI’s customers.

Alleged members of Scattered Spider face multiple charges for phishing attacks and cryptocurrency theft, with arrests made in the US and Spain.

The ransomware gang responsible for targeting Taiwanese PC manufacturer MSI has leaked the private code signing keys of the company available on their darkweb leak site. The attack, orchestrated by the group known as Money Message, was announced in early April: The group revealed that they had successfully breached the systems of MSI, a multinational IT corporation renowned for its production and distribution of motherboards and graphics cards worldwide, including in the USA and Canada. MSI is headquartered in Taipei, Taiwan.

It is reported that initially, the criminal group demanded a ransom from MSI, threatening to publish the stolen files if their demands were not met by a specified deadline. However, the group has eventually exposed MSI’s private code signing keys on their darkweb leak site. These keys are of significant importance as they are used to authenticate the legitimacy and integrity of software and firmware updates released by the company. Malicious actors could potentially misuse these keys to distribute malware or carry out other malicious activities, putting MSI’s customers at risk. The company now faces the daunting task of mitigating the potential fallout from this exposure and bolstering their cybersecurity measures to prevent further unauthorized access.